[pLog-svn] Request for comments on site-wide HTTP auth patch

Jesse Peterson jesse.peterson at exbiblio.com
Wed Mar 22 05:36:47 GMT 2006


Hello everyone,

I've modified LifeType to have _very_ rough support for HTTP Auth for
anything that uses a Controller.  This is pretty naughty in that it
limits any use of a Controller to an HTTP page with authentication but
it works well enough for my use.  While I realize this probably won't
be useful to most of LifeType's users, I thought I'd submit it for
review and comments anyway.  Thanks in advance for any reply!

Modified from release version 1.0.3 of LifeType:

Index: class/action/admin/adminaction.class.php
===================================================================
--- class/action/admin/adminaction.class.php	(revision 4)
+++ class/action/admin/adminaction.class.php	(working copy)
@@ -86,10 +86,12 @@
          */
         function _getBlogInfo()
         {
-            $session = HttpVars::getSession();
-            $sessionInfo = $session["SessionInfo"];
-
-            $this->_blogInfo = $sessionInfo->getValue( "blogInfo" );
+			if (!$this->_userInfo)
+				$this->_getUserInfo ();
+				
+			$users = new Users;
+			$this->_blogInfo = end ($users->getUsersBlogs
( $this->_userInfo->getId(), BLOG_STATUS_ACTIVE ));
+			unset ($unset);
         }
 
         /**
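Review bot: `unset ($unset);` at the end of `_getBlogInfo()` names a variable that is never defined, so `$users` is not released the way the parallel `unset ($users);` in `_getUserInfo()` does; it should read `unset ($users);`. The lookup also calls `$this->_userInfo->getId()` without confirming that `_getUserInfo()` actually produced an object, so a failed credential lookup ends in a call on a non-object instead of a denied request. `end()` yields false for an empty list, so a user with no active blog leaves `_blogInfo` unset in a way callers may not expect, and a user with several blogs is silently given the last one. A guard before the lookup plus a comment such as `// HTTP auth: no session, so the blog is derived from the authenticated user` would make both behaviours explicit.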
@@ -98,9 +100,9 @@
          */
         function _getUserInfo()
         {
-            $session = HttpVars::getSession();
-            $sessionInfo = $session["SessionInfo"];
-            $this->_userInfo = $sessionInfo->getValue("userInfo");
+			$users = new Users;
+			$this->_userInfo = $users->getUserInfo
( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
+			unset ($users);
         }
 
         /**
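Review bot: `_getUserInfo()` reads `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` directly and stores whatever `getUserInfo()` returns, with no check that the keys exist or that the lookup succeeded. These keys are not populated in every deployment (PHP running as CGI typically does not receive them), and an action reached without the constructor gate having run would see them undefined as well. Guarding with `isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])` and treating an empty result as an authentication failure here keeps the admin actions from continuing with an empty `_userInfo`.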
Index: class/controller/controller.class.php
===================================================================
--- class/controller/controller.class.php	(revision 4)
+++ class/controller/controller.class.php	(working copy)
@@ -20,6 +20,8 @@
     include_once
( PLOG_CLASS_PATH."class/action/actioninfo.class.php" ); include_once
( PLOG_CLASS_PATH."class/controller/resourceclassloader.class.php" ); 
+   // include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
+
     //
     // various constants that will come handy
     //
@@ -39,6 +41,34 @@
     //
     $_plogController_forwardAction = array();
 
+	class HttpAuthController extends Object {
+		function HttpAuthController () {
+			include_once
( PLOG_CLASS_PATH."class/dao/users.class.php" );
+
+			if (!$this->suppliedCredentials ())
+				$this->requireAuthentication ();
+			else {
+				// check credentials
+				$users = new Users;
+				if( !$users->authenticateUser( $_SERVER
['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ))
+					$this->requireAuthentication
();
+			}
+		}
+
+		function requireAuthentication () {
+			header ('WWW-Authenticate: Basic
realm="LifeType"');
+			header ('HTTP/1.0 401 Unauthorized');
+			echo '<html><body><h1>AUTHENTICATION
REQUIRED</h1></body></html>';
+			exit;
+		}
+		
+		function suppliedCredentials () {
+			return isset ($_SERVER['PHP_AUTH_USER']);
+		}
+	}
+
+	
+
     /**
      * \ingroup Controller
      *
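Review bot: `suppliedCredentials()` tests only `PHP_AUTH_USER`, yet the constructor passes `$_SERVER['PHP_AUTH_PW']` to `authenticateUser()`; checking both, `return isset ($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);`, keeps an undefined password from reaching the DAO. Basic authentication resends the LifeType password with every request in trivially decodable form, and nothing in this class refuses the exchange over plain HTTP, so it needs at least a class comment stating that it is only safe behind TLS, or a check that rejects non-HTTPS requests before the challenge is sent. Failed attempts are neither logged nor throttled, which leaves password guessing against blog accounts invisible to the site owner.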
@@ -121,7 +151,7 @@
      * @see FormValidator
      * @see Validator
      */
-    class Controller extends Object
+    class Controller extends HttpAuthController
     {
         var $_actionParam;
 		
@@ -150,7 +180,7 @@
          */
         function Controller( $actionMap, $actionParam =
DEFAULT_ACTION_PARAM ) {
-            $this->Object();
+			parent::HttpAuthController ();
 
             global $_plogController_actionMap;
             if( !is_array($_plogController_actionMap))
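Review bot: Replacing `$this->Object();` with `parent::HttpAuthController ();` drops the base-class initialisation, because the `HttpAuthController()` constructor added earlier in this patch never calls `$this->Object()` itself. Whatever `Object()` sets up (not visible here) is now skipped for every Controller; adding `$this->Object();` as the first statement of `HttpAuthController()` restores it. The `Controller()` constructor body continues beyond this hunk.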
Index: class/controller/admincontrollermap.properties.php
===================================================================
--- class/controller/admincontrollermap.properties.php	(revision
4)
+++ class/controller/admincontrollermap.properties.php
(working copy)
@@ -7,7 +7,7 @@
      */
 
     // default action that is used if no other
-    $actions["Default"]    = "AdminDefaultAction";
+    $actions["Default"]    = "AdminMainAction";
     // after logging in, this is the action called
     $actions["Login"]      = "AdminLoginAction";
     // this action is called after we have verified that the user is
valid
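Review bot: Pointing `Default` at `AdminMainAction` makes the HTTP auth check in the Controller constructor the only visible gate in front of the admin main page, while `Login` still maps to `AdminLoginAction`. Whether `AdminMainAction` relies on session state that the login action used to establish cannot be seen from this hunk; if it does, the session-based path and the header-based path can disagree about who is logged in. A comment on the changed line, for example `// HTTP auth patch: login form bypassed, Controller constructor enforces authentication`, would record why the default differs from the stock 1.0.3 map.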

